How to prove you're not a dog
Proving your identity online has always been a challenge. In some countries, new automated solutions are beginning to have a BIG impact. And there is potential for the benefits to be extended and accelerated.
One of the first ever internet memes dates right back to 1993.
It is a cartoon of a dog, sitting at a PC, above the caption, “on the internet, no one knows you’re a dog”. It first appeared in the New Yorker magazine. And it was a comment on the anonymity of the internet at a time when there was no real need or means for anyone to prove their true identity online.
It is ironic the meme persists. Thirty years on, it can still be cumbersome for anyone to prove who they really are online. Yet, today, almost every online digital service needs to identify its users.
Think about all the digital services you use on regular basis. From online shopping, to streaming music and video, to social media, to banking and payment apps. They all aim to deliver a personalised service. And, to function effectively, they all need to register and recognise you, as an individual – it is a common denominator across all of them.
Consequently, almost every entity with an online presence routinely gathers personally identifiable information from their users, then issue their own identity credentials, usually in the form of usernames and passwords. As a result, we get utter fragmentation. It’s frustrating for us, as users, to manage. It’s woefully inefficient, with thousands-upon-thousands of separate identity management and authentication solutions all doing the same thing. It’s inherently insecure. And it prevents the smooth, integrated delivery of digital services.
Of course, there are degrees of complexity. For some websites, a cursory check is all that is required (in the case of an e-commerce retailer, for example). Often, security is a big consideration (perhaps with a car rental service, or a ride hailing app). Increasingly, there are regulatory requirements to be met (which is often the case for airlines, online gaming sites, financial services providers, government services and more). But it is difficult to think of a single digital or online service that doesn’t ask for at least some identity-related details.
The experience for us, as consumers, ranges from the tedious, to the cumbersome, to the downright exasperating. Consider, for example, that most people have an average of 80-100 passwords to remember1, that three quarters have had to reset at least one forgotten password in the past 90 days2, and almost two thirds of us admit to reusing passwords, with the 18-to-24-year-olds being the worst offenders3. Consider also that each time there’s a password glitch, there’s a risk of abandonment (indeed, by some estimates, the average consumer abandons 16 purchases a year due to password frustration)4.
An obvious, although tricky-to-implement solution, is universal eID (or electronic identification) credentials, which could act a little like your digital passport . Hosted by a trusted third-party, these credentials could be summoned up whenever it is necessary for a website or an app to register, verify a user’s identity and ensure the same person is returning that had originally registered. It’s important to highlight that the user has autonomy over what data they share.
The user would retain complete control. The credentials would only ever be shared with their explicit consent. And the type and level of data shared would vary according to context (name and address for an e-commerce retailer for example, age verification for an online gaming site, driving license details for a car rental agency, passport details for a new bank account or government service, and so on). Right there, in one secure and seamless digital solution, they would have everything they need to verify our identity and/or authorise a digital transaction and/or sign a legally binding agreement.
Technically, it is a perfectly feasible vision. Realistically, every entity with an online presence would appreciate the benefits. And surely, as consumers, we would welcome the opportunity to streamline processes and make once arduous tasks quicker and more secure (no longer any need to scan ID documents, or upload a selfie, or wait for an SMS to validate a transaction).
Practically, though, it is a daunting implementation challenge. It is difficult to envisage any single entity having the credibility, much less the business case, to set-up and scale a unilateral solution. So, a collective approach, guided by government oversight, is clearly warranted.
Fortunately, there are several real-world examples that are gaining momentum, such as BankID in the Nordics. Analysing the impact on payment transactions alone, the benefits can be significant. For example, according to Visa’s own analysis, when an eID solution is used to authenticate an online payment transaction, fraud rates can improve by up to 500 basis points, and authorisation rates can double, while abandonment rates plummet.
As more governments develop trust frameworks for national or regional eID approaches, such as eID AS 2.0 in the European Union and the UK, it therefore makes sense for banks and payment card issuers to weigh up the benefits of acting as identity information providers and making use of eIDs.
Banks, after all, have always been involved in verifying, ascribing, and conferring the identity of their customers. Also, the identity market has similar dynamics to the payment market (with the issuance of credentials on one side, and the acquisition of merchants on the other). And, according to Visa research, consumers would put their trust in an eID proposition that is offered by a well-recognised and established brand, backed by some form of government oversight.
As more businesses enter the eID space, it will help to build trust in the eID proposition and bring yet more integrity to online payments. Most tantalising of all, they can help to solve one of the biggest challenges of the wider digital ecosystem – and finally consign one of the oldest internet memes to history.
Stay current with the latest payments insights from Visa Navigate Europe - subscribe today.
All brand names, logos and/or trademarks are the property of their respective owners, are used for identification purposes only, and do not necessarily imply product endorsement or affiliation with Visa.
Case studies, statistics, research and recommendations are provided “AS IS” and intended for informational purposes only and should not be relied upon for operational, marketing, legal, technical, tax, financial or other advice. Visa does not make any warranty or representation as to the completeness or accuracy of the information within this article, nor assume any liability or responsibility that may result from reliance on such Information. The information contained herein is not intended as legal advice, and readers are encouraged to seek the advice of a competent legal professional where such advice is required.
1 According to research commissioned by NordPass, October 2020, https://www.techradar.com/news/most-people-have-25-more-passwords-than-at-the-start-of-the-pandemic
2 According to research commissioned by HYPR, December 2019, https://blog.hypr.com/hypr-password-study-findings
3 According to research commissioned by Digital Guardian, September 2020, https://digitalguardian.com/blog/uncovering-password-habits-are-users-password-security-habits-improving-infographic
4 According to research commissioned by Iproov, May 2020, https://www.iproov.com/blog/16-online-purchases-abandoned-every-year-by-the-average-consumer-due-to-password-frustration